Vulnerability CVE-2006-4657
Published: 2006-09-08   Modified: 2012-02-12

Description:
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.

See advisories in our WLB2 database:
Topic
Author
Date
High
Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities
3APA3A (3APA3A S...
12.09.2006

Type:

CWE-Other

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Panda -> Panda platinum internet security 

 References:
http://securityreason.com/securityalert/1524
http://www.security.nnov.ru/advisories/pandais.asp
http://www.securityfocus.com/archive/1/445479/100/0/threaded
http://www.securityfocus.com/archive/1/445889/100/0/threaded
http://www.securityfocus.com/bid/19891
http://www.vupen.com/english/advisories/2006/3514
Copyright 2024, cxsecurity.com

 

Back to Top